Privacy Policy

Last Updated: December 14, 2025

Rosalie Sutton's website is owned and operated by Dinofin OÜ (registry code 16701124, Ahtri tn 12, 15551 Tallinn, Estonia), which is the data controller for your personal information.

We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Personal Information We Collect

Automatically Collected Information (Device Information)

When you visit our website, we automatically collect certain information about your device and browsing activity, including:

  • Web browser type and version

  • IP address

  • Time zone

  • Pages or products you view

  • Website or search terms that referred you to our site

  • How you interact with the site

This "Device Information" is collected through cookies and similar tracking technologies (see our Cookie Policy for details).

Information You Provide Directly

When You Contact Us:

We collect the following information when you use our contact form:

  • Full Name (optional)

  • Email Address

  • Your message

We use this information to respond to your inquiries. Our legal basis is our legitimate interest in providing support and communicating with website visitors.

When You Subscribe to Our Newsletter:

We collect your email address when you voluntarily subscribe to our newsletter through Substack. You must confirm your email address by clicking a verification link (double opt-in process) before being added to our subscriber list.

We may also collect your email address when you provide explicit consent to receive marketing communications.

How We Use Your Information

Newsletter and Marketing Communications

We use your email address to:

  • Deliver our newsletter and regular updates

  • Send you requested free materials and resources

  • Communicate about our offerings and products

  • Personalize your content experience

You can unsubscribe at any time by clicking the unsubscribe link in any email or by contacting us directly.

Website Analytics and Improvement

We use Device Information to analyze how visitors use our website, improve functionality, and enhance user experience.

Third-Party Services and Data Processing

We use the following third-party services, which may process your personal data:

Substack (Email Newsletter Distribution)
  • What they collect: Email address and engagement data (opens, clicks)

  • How your data is stored: In the United States

  • Legal safeguards: Standard Contractual Clauses

  • Important: Substack is a US-based company. Your data is transferred from the EU to the US and may be subject to access by US government authorities under applicable US laws. Please review Substack's Privacy Policy at https://substack.com/privacy for details on how they handle your information.

Google Analytics (Website Traffic Analysis)
  • What they collect: IP address, browser type, pages visited, and usage patterns

  • Data location: Google's servers (may be outside the EEA)

  • Your choice: You can opt out of data collection by installing the Google Analytics Opt-out Browser Add-on located at https://tools.google.com/dlpage/gaoptout.

Hostinger (Website Hosting)
  • What they collect: IP addresses and browser information

  • Data location: Within the EEA

  • More information: See Hostinger's Privacy Policy

Amazon (Book Sales)
  • What they collect: Order and payment information (we do not have access to your payment details)

  • Your data: Processed by Amazon according to their Privacy Notice

  • More information: Visit Amazon's privacy page for details

Cookies and Tracking Technologies

Our website and third-party services use cookies and similar tracking technologies to operate and improve our services. For a detailed explanation of the cookies we use and how to manage them, please refer to our Cookie Policy.

International Data Transfers

Dinofin OÜ is based in the European Union. We prioritize using service providers that process data within the EEA or in countries with EU adequacy decisions (such as the UK).

However, some of our service providers, including Substack, Google Analytics, and Amazon, operate globally and may process your data outside the EEA. These transfers comply with GDPR through:

  • Standard Contractual Clauses (SCCs)

  • EU adequacy decisions

  • Other approved legal safeguards

These mechanisms ensure your data receives protection equivalent to EEA standards.

Data Retention

We retain your personal data only as long as necessary to:

  • Provide you with our services

  • Comply with legal obligations

  • Fulfill the purposes described in this policy

When we no longer need your information, we delete it from our systems or depersonalize it so you cannot be identified. You can request deletion of your personal data at any time by contacting us.

Your Legal Basis for Processing

Under GDPR, we process your personal data based on:

  • Consent: We process your email address for marketing communications based on your explicit consent when you subscribe to our newsletter.

  • Contractual Necessity: We process information needed to fulfill any contracts or orders you make with us (e.g., through Amazon).

  • Legitimate Interest: We process Device Information to improve our website, prevent abuse, and understand how our services are used. We only do this when our interests are balanced against your rights.

Your Data Protection Rights

As a resident of the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.

  • Right to Rectification: You can request that we correct inaccurate or incomplete information.

  • Right to Erasure ("Right to Be Forgotten"): You can request deletion of your personal data, subject to certain legal exceptions.

  • Right to Restrict Processing: You can request that we limit how we use your data.

  • Right to Data Portability: You can request your data in a structured, machine-readable format for transfer to another service.

  • Right to Object: You can object to our processing of your personal data.

  • Right to Withdraw Consent: You can withdraw consent for marketing communications at any time by clicking "unsubscribe" in our emails or contacting us directly.

  • Right to Lodge a Complaint: You have the right to file a complaint with your local Data Protection Authority if you believe we have violated your rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us via our contact form. We will respond to your request within 30 days. We may ask you to verify your identity before responding.

Note: For data held by third-party services where they are the data controller (such as your Amazon account or Substack profile), you may need to contact them directly to exercise your rights. We will provide guidance on how to do so.

Information Security

We maintain reasonable administrative, technical, and physical safeguards to protect your personal data from unauthorized access, use, or disclosure. Your information is stored on secure computer servers in a controlled environment.

However, no data transmission over the Internet is completely secure. While we take precautions to protect your information, we cannot guarantee absolute security.

Links to Third-Party Websites

Our website may contain links to other websites not owned or controlled by us. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

Legal Disclosure

We may disclose your information when required or permitted by law, including to comply with legal process (such as a subpoena), protect our rights, investigate fraud, or respond to government requests.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us via our Contact page.
